Hardware wallets are rightly recommended as a strong form of cold storage, but that strength rests on one assumption: the device reached you untampered. Buy one secondhand or from an unknown reseller, and you may be paying for a false sense of security. Understanding the supply-chain risk helps you get the protection you actually want rather than a compromised imitation of it.

The whole point is an untampered start

A genuine hardware wallet protects you because it generates a brand-new, random seed phrase inside the device during your own setup, and that phrase never leaves it. The security model assumes you are the first and only person to ever see that seed. The moment someone else could have influenced the device or known its seed, that assumption collapses and the protection is hollow.

How a tampered device betrays you

  • It may arrive pre-initialised with a seed the seller already knows, so your coins flow into a wallet they control.
  • It may include a card showing a seed phrase to encourage you to use, which a real new device would never do.
  • Its packaging or internals may have been altered to capture or leak your keys.

In each case the device looks and feels legitimate while quietly working against you.

The classic warning sign

The clearest red flag is a device that arrives with a seed phrase already provided, whether printed on a card or pre-loaded. A genuine hardware wallet always creates the seed phrase in front of you during setup. If yours did not, do not transfer any funds to it. Treat it as compromised regardless of how convincing it appears.

Buying to preserve trust

  • Purchase only from the official manufacturer or an authorised seller they list.
  • Avoid marketplace listings from unknown third parties and any used device.
  • Initialise the device yourself so it generates a fresh seed in your presence.
  • If anything about the setup seems pre-done, stop and obtain a verified device instead.

The broader lesson

Supply-chain trust applies beyond hardware wallets to any tool that handles your keys. The principle is consistent: the safest tool is one whose journey to you you can vouch for, initialised fresh under your own control. A small saving on a secondhand device is no bargain if it quietly hands your savings to a stranger.

Pay a little more for a verified device from a trusted source, set it up yourself, and the strong protection a hardware wallet promises becomes protection you can actually rely on.